Contents

Xen Statements

Xen policy supports additional policy language statements: iomemcon, ioportcon, pcidevicecon, pirqcon and devicetreecon that are discussed in the sections that follow, also the XSM/FLASK Configuration document contains further information.

Policy version 30 introduced the devicetreecon statement and also expanded the existing I/O memory range to 64 bits in order to support hardware with more than 44 bits of physical address space (32-bit count of 4K pages).

To compile these additional statements using semodule(8), ensure that the semanage.conf(5) file has the policy-target=xen entry.

iomemcon

Label i/o memory. This may be a single memory location or a range.

The statement definition is:

iomemcon addr context

Where:

iomemcon

The iomemcon keyword.

addr

The memory address to apply the context. This may also be a range that consists of a start and end address separated by a hypen (-).